What is claimed:

1. A system for electronic transactions comprising:
an electronic card having,
a cryptographic service for encryption and decryption,
a data area for storing cardholder information, and
a data area for storing service provider information;
a service provider member terminal responsive to activation of the electronic card; and
a service provider terminal in communication with the service provider member terminal,
the service provider terminal decrypting communication from the service provider member
terminal and encrypting communication to the service provider member terminal, the service
provider member terminal encrypting communication to the service provider terminal and
decrypting communication from the service provider terminal.



2. The system of claim 1 wherein the electronic card is a physical card.

3. The system of claim 1 further comprising software having the electronic card.

4. The system of claim 1 wherein the electronic card further comprises a card
operating system for loading and updating cardholder information, changing access conditions,
and managing the service provider data area.

5. The system of claim 1 wherein the electronic card performs external
communication read/write operations, and communications protocol handling.

6. The system of claim 1 wherein the electronic card further comprises software to
manage the electronic card.

7. The system of claim 1 wherein the electronic card further comprises application
software.

8. The system of claim 1 wherein the electronic card further comprises applets.

9. The system of claim 1 further comprising an external system wherein the service
provider terminal communicates with the external system.

10. The system of claim 1 wherein the data area for storing service provider
information includes at least one service provider record, each service provider record
comprising:
a name field indicating the service provider;
at least one key value;
a key-type indication indicating the type of the key value; and
an account information field containing information unique to each service provider.

11. The system of claim 10 wherein the service provider record further comprises
an instrument-type indication indicating the type of instrument a service provider supports.

12. The system of claim 10 wherein the service provider record further comprises an
access condition, which a user must satisfy to gain access to the service provider information.

13. A method of conducting an electronic transaction using an electronic card
comprising:
formatting a key exchange request message at a member;
sending the key exchange request message from the member to a service provider;
generating a session key at the service provider;
formatting a key exchange response message including the session key at the service
provider;
sending the key exchange response message from the service provider to the member;
and
using the session key to conduct a transaction.

14. A method of conducting an electronic transaction using an electronic card
comprising:
formatting a key exchange request message at a member, the key exchange request
message has a member challenge for the service provider;
sending the key exchange request message from the member to a service provider;
generating a session key at the service provider;
formatting a key exchange response message including the session key at the service
provider, the key exchange response message has a response for the member challenge and a
service provider challenge for the member and sending it to the member;
formatting by the member a response for the service provider challenge and sending it to
the service provider; and
using the session key to conduct a transaction.

15. The method of claim 13 or 14 wherein the step of using the session key to
conduct a transaction comprises the steps of:
formatting by a member a transaction request message using the session key, the
transaction request message including a digital signature of the member, and sending the
transaction request message to the service provider; and
formatting at the service provider, a transaction response message for the member using
the session key, the transaction response including a digital signature of the service provider, and
sending the transaction response message to the member.

16. The method of claim 15 wherein the member encrypts, using the session key
assigned to him by the service provider, his account information, the transaction amount and
sensitive transaction data in his transaction request message, the sensitive transaction data being
information that is accessible only to the service provider.

17. The method of claim 15 wherein the member includes plain text in his transaction
request message.

18. The method of claim 15 wherein the member includes the transaction
identification assigned to him by the service provider, in his transaction request message.

19. The method of claim 15 wherein the member includes a response to a service
provider challenge in his transaction request message.

20. The method of claim 15 wherein the service provider encrypts the response data
for the member using member's session key and includes the cryptogram as part of its transaction
response message to the member.

21. The method of claim 15 wherein the service provider includes plain text in its
transaction response message to the member.

22. The method of claim 15 wherein the service provider includes member's
transaction identification in his transaction response message to the member.

23. The method of claim 15 further comprises the steps of:
formatting at the member, using the session key, a transaction acknowledgment message,
including a digital signature of the sending member, and sending the transaction
acknowledgment message to the service provider.

24. The method of claim 15 wherein the member encrypts, using the session key
assigned to him by the service provider, his acknowledgment data in his acknowledgment
message.

25. The method of claim 15 wherein the member includes plain text in his
acknowledgment message.

26. The method of claim 15 wherein the member includes the transaction
identification assigned to him by the service provider, in his acknowledgment message.

27. The method of claim 15 wherein the member chooses to encrypt sensitive
information in the transaction acknowledgment message, the sensitive information being
information that is accessible only to the service provider.



28. The method of claim 13 or 14 of conducting a key exchange comprising:
generating a member challenge by the member;
encrypting by the member the member challenge using the service provider's public key
and generating a first cryptogram;
formatting by the member a key exchange request message including the first cryptogram
and member's public key;
signing digitally by the member the key exchange request message;
sending the digitally signed key exchange request message to the service provider;
generating by the service provider a service provider challenge;
generating by the service provider a session key;
encrypting by the service provider the service provider challenge and the session key
using the member's public key and generating a second cryptogram;
formatting by the service provider a key exchange response message including the
second cryptogram and the response to member challenge;
signing digitally by the service provider the key exchange response message;
sending digitally signed key exchange response message to the member;
encrypting by the member the member response for the service provider challenge using
the session key and generating a third cryptogram;
attaching the third cryptogram to the next message going from the member to the service
provider;
signing digitally by the member the next message going from the member to the service
provider; and
sending the next message going from the member to the service provider to the service
provider.

29. The method of claim 28 wherein the member uses different pairs of private and
public keys for different transactions in the messages to communicate with the service provider.

30. The method of claim 28 wherein the key exchange request message and key
exchange response message contain plaintext.

31. The method of claim 28 wherein the member chooses to encrypt his own public
key using the service provider's public key in the key exchange request message.

32. The method of claim 28 wherein the member and service provider choose to
encrypt sensitive information in the key exchange request message and the key exchange
response message, the sensitive information being information that is accessible only to the
service provider and the corresponding member.

33. The method of claim 28 wherein the service provider encrypts the response to the
member challenge as part of the second cryptogram.

34. The method of claim 28 wherein the service provider encrypts transaction
identification as part of the second cryptogram.

35. The method of claim 28 wherein the service provider includes a transaction
identification as part of the plain text in the key exchange response message.

36. The method of claim 34 wherein the member uses the transaction identification in
the next message going from the member to the service provider.

37. The method of claim 35 wherein the member uses the transaction identification in
the next message going from the member to the service provider.
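
The key exchange of claim 28, in the claim 33 variant where the response to the member challenge travels inside the second cryptogram, as an added example that is not code from the patent. The algorithms (RSA-OAEP, RSA-SHA256 signatures, AES-256-GCM), the 16-byte challenges, answering a challenge by returning its value, and every function and field name are assumptions; the claims leave all of these open.

```javascript
// Added illustration of the claim 28 exchange; not code from the patent.
// Assumed: RSA-OAEP, RSA-SHA256 signatures, AES-256-GCM, 16-byte challenges,
// and "responding" to a challenge by returning it. All names are hypothetical.
const crypto = require("node:crypto");

const newKeyPair = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const oaep = (key) => ({ key, oaepHash: "sha256" });
const b64 = (buf) => buf.toString("base64");
const unb64 = (s) => Buffer.from(s, "base64");
const sign = (priv, body) => b64(crypto.sign("sha256", Buffer.from(JSON.stringify(body)), priv));
const verify = (pub, msg) =>
  crypto.verify("sha256", Buffer.from(JSON.stringify(msg.body)), pub, unb64(msg.sig));

// Member: challenge -> first cryptogram -> signed key exchange request.
function memberRequest(member, spPublicKey) {
  const challenge = crypto.randomBytes(16);
  const body = {
    cryptogram1: b64(crypto.publicEncrypt(oaep(spPublicKey), challenge)),
    memberPublicKey: member.publicKey.export({ type: "spki", format: "pem" }),
  };
  return { state: { challenge }, msg: { body, sig: sign(member.privateKey, body) } };
}

// Service provider: verify the request, generate its challenge and the session
// key, and seal both plus the member challenge response in the second cryptogram.
function spRespond(sp, request) {
  const memberPub = crypto.createPublicKey(request.body.memberPublicKey);
  if (!verify(memberPub, request)) throw new Error("bad request signature");
  const memberChallenge = crypto.privateDecrypt(oaep(sp.privateKey), unb64(request.body.cryptogram1));
  if (memberChallenge.length !== 16) throw new Error("malformed member challenge");
  const spChallenge = crypto.randomBytes(16);
  const sessionKey = crypto.randomBytes(32);
  const plain = Buffer.concat([spChallenge, sessionKey, memberChallenge]); // 16 | 32 | 16 bytes
  const body = { cryptogram2: b64(crypto.publicEncrypt(oaep(memberPub), plain)) };
  return { state: { spChallenge, sessionKey, memberPub }, msg: { body, sig: sign(sp.privateKey, body) } };
}

// Member: verify the response, check its own challenge came back, then answer
// the service provider challenge under the session key (third cryptogram).
function memberFinish(member, state, spPublicKey, response) {
  if (!verify(spPublicKey, response)) throw new Error("bad response signature");
  const plain = crypto.privateDecrypt(oaep(member.privateKey), unb64(response.body.cryptogram2));
  if (plain.length !== 64) throw new Error("malformed second cryptogram");
  const spChallenge = plain.subarray(0, 16);
  const sessionKey = plain.subarray(16, 48);
  if (!crypto.timingSafeEqual(plain.subarray(48), state.challenge)) {
    throw new Error("member challenge not answered");
  }
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ct = Buffer.concat([c.update(spChallenge), c.final()]);
  const body = { iv: b64(iv), cryptogram3: b64(ct), tag: b64(c.getAuthTag()) };
  return { sessionKey, msg: { body, sig: sign(member.privateKey, body) } };
}

// Service provider: verify the next signed message and the challenge answer.
function spFinish(state, next) {
  if (!verify(state.memberPub, next)) throw new Error("bad signature on next message");
  const d = crypto.createDecipheriv("aes-256-gcm", state.sessionKey, unb64(next.body.iv));
  d.setAuthTag(unb64(next.body.tag));
  const answer = Buffer.concat([d.update(unb64(next.body.cryptogram3)), d.final()]);
  return answer.length === 16 && crypto.timingSafeEqual(answer, state.spChallenge);
}

// Full run with freshly generated (constructed) key pairs, plus a response
// whose body was swapped after signing, which the member must reject.
function runExchange() {
  const member = newKeyPair();
  const sp = newKeyPair();
  const req = memberRequest(member, sp.publicKey);
  const res = spRespond(sp, req.msg);
  const fin = memberFinish(member, req.state, sp.publicKey, res.msg);
  const accepted = spFinish(res.state, fin.msg);
  const tampered = { body: { cryptogram2: req.msg.body.cryptogram1 }, sig: res.msg.sig };
  let tamperRejected = false;
  try { memberFinish(member, req.state, sp.publicKey, tampered); } catch (e) { tamperRejected = true; }
  return { accepted, keysMatch: fin.sessionKey.equals(res.state.sessionKey), tamperRejected };
}

console.log(runExchange());
```

Because the request carries the member's own public key, a valid signature on it shows only that the sender holds the matching private key; binding that key to a known member has to come from outside this exchange.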

38. The method of claim 13 or 14 of conducting a key exchange between two
members and a service provider comprises the steps of:
sending a key exchange request message from the first member to a second member;
combining at the second member, a second member key exchange request message with
the first member's key exchange request message and sending the combined key exchange
request message, signed by the second member, to a service provider;
formatting a key exchange response message at the service provider including the
session key for the first member, signing the response message, formatting a key exchange
response message including the session key for the second member, combining the key exchange
response messages into a combined key exchange response message, signing the combined key
exchange response message, and sending the combined key exchange response message to the
second member; and
separating at the second member, the key exchange response message for the second
member from the key exchange response message for the first member, and forwarding the key
exchange response message for the first member to the first member.

39. A method of claim 13 or 14 wherein the step of conducting a transaction between
two members and a service provider comprising:
formatting by a first member, using the first member's session key, a transaction request
message, the transaction request message including a digital signature of the first member, and
sending the transaction request message to a second member; and
formatting by the second member, using the second member's session key, a transaction
request message;
combining by the second member, the second member transaction request message with
the first member transaction request message, the combined transaction request message
including a digital signature of the second member, and sending the combined transaction request
message to a service provider;
formatting by the service provider, using the first member's session key, a transaction
response message for the first member, including a digital signature of the service provider;
formatting by the service provider, using the second member's session key, a transaction
response message for the second member;
combining the transaction response message for the first member with the transaction
response message for the second member and forming a combined transaction response message,
the combined transaction response message including a digital signature of the service provider;
sending the combined transaction response message to the second member;
separating at the second member, the transaction response message for the first member
from the transaction response message for the second member;
forwarding by the second member the transaction response message for the first member
to the first member.

40. The method of claim 39 further comprises the steps of:
formatting at a first member, using the first member's session key, an acknowledgment
message, the acknowledgment message including a digital signature of the first member, and
sending the acknowledgment message to a second member; and
formatting at the second member, using the second member's session key, an
acknowledgment message, combining the second member acknowledgment message with the
first member acknowledgment message and forming a combined acknowledgment message, the
combined acknowledgment message including a digital signature of the second member, and
sending the combined acknowledgment message to the service provider.

41. The method of claim 13 or 14 of conducting a key exchange between multiple
members and a service provider arranged in series comprising the steps of:
formatting a key exchange request message at a first member;
sending the key exchange request message from the first member to a second member where
the second member is a message router or participating member;
sending a key exchange request message from the second member to a next member, if
the second member is a message router;
combining the second member's key exchange request message with the first member's
key exchange request message and sending the combined key exchange message to the next
member if the second member is a participating member;
sending the combined key exchange request message to the next member if the current
member is a message router;
combining a current member's key exchange request message with a previous member's
key exchange request message and sending the combined key exchange request message to a
next member, if the current member is a participating member;
sending the combined key exchange request to a service provider if the current member is
the last participating member or message router;
generating at the service provider different session keys for different participating
members;
formatting, by the service provider, into one message, a key exchange response message
including the different session keys for different participating members and sending the
combined key exchange response message in reverse order of the path for sending the combined
key exchange request to the service provider; and
separating, by every participating member, the key exchange response message for itself
from the key exchange response messages for the other participating members, and forwarding
the remaining key exchange response messages to the other participating members in reverse
order of the path for sending the combined key exchange request to the service provider, until the
first member receives its key exchange response message.

42. The method of claim 13 or 14 of conducting transaction using session keys
between multiple members and a service provider arranged in series comprising the steps of:
formatting a transaction request message at a first member;
sending a transaction request message from the first member to a second member where
the second member is a message router or participating member;
sending the transaction request message from the second member to a next member, if
the second member is a message router;
combining the second member's transaction request message with the first member's
transaction request message and sending the combined transaction message to the next member if
the second member is a participating member;
sending the combined transaction request message to the next member if the current
member is a message router;
combining a current member's transaction request message with a previous member's
transaction request message and sending the combined transaction request message to a next
member, if the current member is a participating member;
sending the combined transaction request to a service provider if the current member is
the last participating member or message router;
formatting, by the service provider, into one message, a transaction response message and
sending the combined transaction response message in reverse order of the path for sending the
combined transaction request to the service provider; and
separating, by every participating member, the transaction response for itself from the
transaction response for the other participating members, and forwarding the remaining
transaction response to the other participating members in reverse order of the path for sending
the combined transaction request message to the service provider, until the first member receives
its transaction response.

43. The method of claim 13 or 14 of conducting a key exchange between multiple
members and a service provider arranged in a hierarchical organization comprising the steps of:
formatting a key exchange request message at a first member;
sending the key exchange request message from the first member to a next member Xj,k
(j = 2, 3, 4, ...; k = 1, 2, 3, ... m; m is a variable of type n; n = 1, 2, 3, ...; m can be different
values of j) if the second member is a message router;
combining a second member's key exchange request message with the first member's
key exchange request message and sending the combined key exchange request message to a
next member Xj,k if the second member is a participating member;
sending the combined key exchange request message to the next member Xj,k if a
current member Xj,k is a message router;
combining a current member Xj,k's key exchange request message with a previous
member's key exchange request message and sending the combined key exchange request
message to the next member Xj,k, if the current member Xj,k, is a participating member;
sending the combined key exchange request to a service provider if the current member is
the last participating member;
generating at the service provider different session keys for different participating
members;
formatting, by the service provider, into one message, a key exchange response message
including the different session keys for different participating member and sending the combined
key exchange response message in reverse order of the path for sending the combined key
exchange request to the service provider; and
separating, by every participating, the key exchange response message for itself from the
key exchange response messages for the other participating members in reverse order of the path
for sending the key exchange request to the service provider, until the first member receives its
key exchange response message.

44. The method of claim 13 or 14 of conducting a transaction using session keys
between multiple members and a service provider arranged in a hierarchical organization
comprising the steps of:
formatting a transaction request message at a first member;
sending the transaction request message from the first member to a next member Xj,k
(j = 2, 3, 4, ...; k = 1, 2, 3, ... m; m is a variable of type n; n = 1, 2, 3, ...; m can be different
values of j) if the second member is a message router;
combining a second member's transaction request message with the first member's
transaction request message and sending the combined transaction request message to a next
member Xj,k if the second member is a participating member;
sending the combined transaction request message to the next member Xj,k if a current
member Xj,k is a message router;
combining a current member Xj,k's transaction request message with a previous
member's transaction request message and sending the combined transaction request message to
the next party Xj,k if the current member Xj,k is a participating member;
sending the combined transaction request to a service provider if the current member is
the last participating member or message router;
formatting, by the service provider, into one message, a transaction response message for
each participating member and sending the combined transaction response message in reverse
order of the path for each participating member and sending the combined transaction request to
the service provider; and
separating, by every participating, transaction response message for itself from the
transaction response messages for the other participating members in reverse order of the path
for sending the transaction request to the service provider, until the first member receives its
transaction response message.

45. The method of claim 13 or 14 of conducting a key exchange between two
members and a service provider comprises the steps of:
sending a key exchange request message from the first member to a second member;
combining at the second member, a second member key exchange request message with
the first member's key exchange request message and sending the combined key exchange
request message, signed by the second member, to a service provider;
generating at the service provider a session key used for both the first member and the
second member;
formatting a key exchange response message at the service provider including the
session key for the first member, signing the response message, formatting a key exchange
response message including the session key for the second member, combining the key exchange
response messages into a combined key exchange response message, signing the combined key
exchange response message, and sending the combined key exchange response message to the
second member; and
separating at the second member, the key exchange response message for the second
member from the key exchange response message for the first member, and forwarding the key
exchange response message for the first member to the first member.

46. The method of claim 13 or 14 of conducting a key exchange between multiple
members and a service provider arranged in series comprising the steps of:
formatting a key exchange request message at a first member;
sending the key exchange request message from the first member to a second member
where the second member is a message router or participating member;
sending a key exchange request message from the second member to a next member, if
the second member is a message router;
combining the second member's key exchange request message with the first member's
key exchange request message and sending the combined key exchange message to the next
member if the second member is a participating member;
sending the combined key exchange request message to the next member if the current
member is a message router;
combining a current member's key exchange request message with a previous member's
key exchange request message and sending the combined key exchange request message to a
next member, if the current member is a participating member;
sending the combined key exchange request to a service provider if the current member is
the last participating member or message router;
generating at the service provider a session key for the participating members;
formatting, by the service provider, into one message, a key exchange response message
including the session key for the participating members and sending the combined key exchange
response message in reverse order of the path for sending the combined key exchange request to
the service provider; and
separating, by every participating member, the key exchange response message for itself
from the key exchange response messages for the other participating members, and forwarding
the remaining key exchange response messages to the other participating members in reverse
order of the path for sending the combined key exchange request to the service provider, until the
first member receives its key exchange response message.

47. The method of claim 13 or 14 of conducting a key exchange between multiple
members and a service provider arranged in a hierarchical organization comprising the steps of:
formatting a key exchange request message at a first member;
sending the key exchange request message from the first member to a next member Xj,k
(j = 2, 3, 4, ...; k = 1, 2, 3, ... m; m is a variable of type n; n = 1, 2, 3, ...; m can be different
values of j) if the second member is a message router;
combining a second member's key exchange request message with the first member's
key exchange request message and sending the combined key exchange request message to a
next member Xj,k if the second member is a participating member;
sending the combined key exchange request message to the next member Xj,k if a
current member Xj,k is a message router;
combining a current member Xj,k's key exchange request message with a previous
member's key exchange request message and sending the combined key exchange request
message to the next member Xj,k, if the current member Xj,k, is a participating member;
sending the combined key exchange request to a service provider if the current member is
the last participating member or message router;
generating at the service provider a session key for the participating members;
formatting, by the service provider, into one message, a key exchange response message
including the session key for the participating member and sending the combined key exchange
response message in reverse order of the path for sending the combined key exchange request to
the service provider; and
separating, by every participating, the key exchange response message for itself from the
key exchange response messages for the other participating members in reverse order of the path
for sending the key exchange request to the service provider, until the first member receives its
key exchange response message.

48. The method of claim 38 wherein the service provider provides each member
involved in a transaction with other member's public keys.

49. The method of claim 41 wherein the service provider provides each member
involved in a transaction with other member's public keys.

50. The method of claim 43 wherein the service provider provides each member
involved in a transaction with other member's public keys.

51. The method of claim 45 wherein the service provider provides each member